Tuesday, 23 February 2010

5 Steps to Legal Risk Management

Not so long ago I was invited to participate in a Legal Risk Management conference for in-house counsel. Despite being an in-house lawyer for many years, I’ve never actually owned a file labelled “Legal Risk Management” which I could use as a reference for arranging my thoughts on this obviously very important topic ahead of the event, and so it was with some trepidation that I arrived at the conference not really being quite sure what I could contribute.

However, what transpired was a very productive and animated discussion between in-house counsel on their experiences of what legal risk management means to them and their businesses, and I was pleased to be able to contribute based on my experience also as most of the best practice steps will be second-nature to seasoned in-house professionals.

There isn't one specific definition of legal risk management. For the purposes of this post, I understand the term to simply mean “the risk to a business of an event occurring which brings about a legal consequence impacting the business”.

Here are my 5 steps to legal risk management:

1. Conduct a Legal Audit
To be effective, legal risk management must be based on a thorough understanding of the business’ key activities, stakeholders and objectives and this can only be achieved by conducting regular legal audits and working with the business’ management team to analyse the risks, prioritise their management and anticipate the legal requirements of the business.

The audit will also facilitate the management of the “corporate memory”, essential for future due diligence exercises and the storage of key corporate data and documents, and it can lay the foundations for an ongoing compliance and risk management strategy.

2. Communicate, Educate, Co-operate
In-house counsel cannot manage legal risk single-handedly. It’s imperative that the legal risks are communicated to the wider business to ensure they are supported and, vice versa, that the wider business objectives and demands are facilitated in the legal risk management strategy.

One way to achieve that communication is through legal risk awareness training sessions tailored to the audience within the business which is either most exposed to or best placed to handle the risk being communicated. Training sessions are a perfect opportunity for in-house counsel to demonstrate that they are working with the business (not against it), and are also a good pre-cursor to introducing new business guidelines to assist colleagues with the practical day-to-day management of the legal risks which have been identified.

Although some legal risks are stand-alone, don’t forget that many legal risks dovetail with financial, reputational, operational, political, regulatory and tax risks; so, legal risk management is just one part of a more broad risk management strategy within a business. It’s a challenge for those new to the role of in-house counsel to balance their risk-averse nature against both these other risks and the essential quality of risk-acceptance in any successful entrepreneurial business; but, once mastered, this skill will make the commercially aware in-house lawyer stand out in the crowd from those lawyers sitting in their ivory towers.

3. Compliance and Governance Policies
Underpinning any legal risk management strategy is the requirement for a comprehensive set of compliance and governance policies. Policy making is a key tool which in-house counsel have within their remit to positively influence the way in which business is conducted and to set the standard for expected behaviour. It is essential that all such policies have the buy-in and support of the management team, and that the legal department has a defined role in implementing and ensuring compliance with the policies.

4. Operations
The daily operations of a business always prove to be the most fertile ground for legal input. An abundance of legal consequences can be found in supply, manufacturing and distribution chains, protection of intellectual property rights, brand protection (online and offline), pending and threatened litigation, product liability, sales and marketing practice, insurance, property matters, employment and HR practice, industry regulation as well as company secretarial, board and shareholder matters.

Good working relationships with colleagues operating in each of these areas are essential for in-house counsel to play an effective and valued role within the business; the challenge is for the lawyer to be seen as part of the team, and not as an obstacle, to achieving operational outputs and objectives.

5. Legal Resource
The individual character of each business will determine its exposure to legal risk and the management tools required to best handle that risk. Inherent to that is the balance of matching and managing internal and external legal resource, and indeed other professional suppliers to the business. The tough economic conditions are resulting in more businesses expecting their legal teams to reduce head-count and manage costs more tightly, but arguably against a back-drop of increased legal risk. A core skill of the in-house lawyer in today’s world is their ability to manage the risks in this more intense climate by better clarifying the role of the legal function within the business, demonstrating value-add and selecting, managing and getting the most out of their internal and external legal resource.

Every business will have legal risks peculiar to it, but taking the above steps will help manage the risks which are core to most. Please comment and share your experiences of legal risk management.

No comments:

Post a Comment